General Data Protection Regulation
The new General Data Protection Regulation shall enter into force on May 25, 2018, throughout Europe. It entails stronger consumer rights, new liability obligations and restrictions on international data flows. In the event of non-compliance, organizations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 million.
The General Data Protection Regulation (GDPR) entails significant changes compared to the Austrian Data Protection Act (DSG2000). The GDPR regulates the collection, storage, processing and disclosure of personal data (of natural persons), where the legality of such processing is the sole responsibility of the Executive Board, the Managing Director, the Board of Directors or the individual entrepreneurs.
Whereas reporting to the Data Processing Register previously sufficed to meet the legal requirements, this reporting obligation will be waived; however, the organization must maintain detailed documentation of its different data applications. With this "Record of processing activities", you always have to provide up-to-date information on the data you are collecting, from whom and when, where and in which form they are processed, who has access to them, which data are disclosed to whom, and more.
As part of the Artus GDPR Readiness Assessment, we use a 360-degree analysis to check whether and to what extent your company meets the requirements of the new GDPR. Based on these results, we develop solutions together with your team to ensure compliance and assist you with implementation using suitable measures.
Under the new regulation, numerous information requirements must be observed during data collection and processing. Every person concerned, whether customer, employee or supplier, must be given full information on the data stored about them, within one month. Persons concerned have the right to rectification, erasure, restriction of the processing and the right to object to data transfer to a third-party recipient.
Compliance with the GDPR specifications requires the development of practical, individually tailored processing procedures, which we define together with your employees. In addition to the organizational criteria and those relevant to data protection law, our experts also develop the measures necessary to comply with the technical requirements.
Our services in brief
- GDPR Readiness Assessment
- Development of the processing records
- Privacy and data protection impact assessment when introducing new technologies
- Data Protection Officer
- GDPR Compliance Check